Updating a machine learning fraud model based on third party transaction information

ABSTRACT

A device receives first transaction information associated with a first transaction, and a first transaction account utilized for the first transaction and associated with a first financial institution. The device determines, based on a fraud model, that the first transaction is to be denied due to potential fraud associated with the first transaction account and receives second transaction information associated with a second transaction, and a second transaction account utilized for the second transaction and associated with a second financial institution. The device processes the first transaction information and the second transaction information, with a matching model, to determine whether the first transaction information matches the second transaction information and determines that the first transaction was incorrectly denied when the first transaction information matches the second transaction information within a predetermined threshold. The device performs one or more actions based on determining that the first transaction was incorrectly denied.

RELATED APPLICATION

This application is a continuation of U.S. Pat. Application No.15/929,921, filed May 29, 2020 (now U.S. Pat. No. 11,538,037), which isa continuation of U.S. Pat. Application No. 16/279,723, filed Feb. 19,2019 (now U.S. Pat. No. 10,672,005), the contents of which areincorporated herein by reference in their entireties.

BACKGROUND

A user utilizes a transaction card to perform in-person transactions(e.g., purchase goods and/or services at a merchant’s store), to performonline transactions (e.g., paying a bill, purchasing goods and/orservices, etc.), and/or the like. When performing a transaction with atransaction card, a merchant device may request approval of utilizationof the transaction card from a financial institution that issued thetransaction card.

SUMMARY

According to some implementations, a method may include receiving firsttransaction information associated with a first transaction, wherein thefirst transaction information may include information associated withthe first transaction, and a first transaction account utilized for thefirst transaction and associated with a first financial institution. Themethod may include determining, based on a fraud model, that the firsttransaction is to be denied due to potential fraud associated with thefirst transaction account and receiving second transaction informationassociated with a second transaction, wherein the second transactioninformation may include information associated with the secondtransaction, and a second transaction account utilized for the secondtransaction and associated with a second financial institution. Themethod may include processing the first transaction information and thesecond transaction information, with a matching model, to determinewhether the first transaction information matches the second transactioninformation and determining that the first transaction was incorrectlydenied, due to the potential fraud associated with the first transactionaccount, when the first transaction information matches the secondtransaction information within a predetermined threshold. The method mayinclude performing one or more actions based on determining that thefirst transaction was incorrectly denied.

According to some implementations, a device may include one or morememories and one or more processors, communicatively coupled to the oneor more memories, configured to receive first transaction informationassociated with a first transaction, wherein the first transactioninformation may include information associated with the firsttransaction, and a first transaction account utilized for the firsttransaction and associated with a first financial institution. The oneor more processors may deny, based on a fraud model, the firsttransaction due to potential fraud associated with the first transactionaccount and may receive second transaction information associated with asecond transaction, wherein the second transaction information mayinclude information associated with the second transaction, and a secondtransaction account utilized for the second transaction and associatedwith a second financial institution. The one or more processors mayprocess the second transaction information to generate processed secondtransaction information with substantially a same format as the firsttransaction information and may process the first transactioninformation and the processed second transaction information, with amatching model, to determine whether the first transaction informationmatches the processed second transaction information. The one or moreprocessors may determine that the first transaction was incorrectlydenied, due to the potential fraud associated with the first transactionaccount, when the first transaction information matches the processedsecond transaction information within a predetermined threshold and mayperform one or more actions based on determining that the firsttransaction was incorrectly denied.

According to some implementations, a non-transitory computer-readablemedium may store instructions that include one or more instructionsthat, when executed by one or more processors of a device, cause the oneor more processors to receive first transaction information associatedwith a first transaction, wherein the first transaction information mayinclude information associated with the first transaction, and a firsttransaction account utilized for the first transaction and associatedwith a first financial institution, and wherein the first transactioninformation may include information indicating that the firsttransaction was denied due to potential fraud associated with the firsttransaction account. The one or more instructions may cause the one ormore processors to receive second transaction information associatedwith a second transaction, wherein the second transaction informationmay include information associated with the second transaction, and asecond transaction account utilized for the second transaction andassociated with a second financial institution, and wherein the secondtransaction information may include information indicating that thesecond transaction was approved. The one or more instructions may causethe one or more processors to process the first transaction informationand the second transaction information, with a matching model, todetermine whether the first transaction information matches the secondtransaction information and determine that the first transaction wasincorrectly denied, due to the potential fraud associated with the firsttransaction account, when the first transaction informationsubstantially matches the second transaction information. The one ormore instructions may cause the one or more processors to updatetraining data for a fraud model, based on parameters of the fraud modelthat caused the first transaction to be incorrectly denied, to generateupdated training data and retrain the fraud model with the updatedtraining data.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1A-1G are diagrams of an example implementation described herein.

FIG. 2 is a diagram of an example environment in which systems and/ormethods described herein may be implemented.

FIG. 3 is a diagram of example components of one or more devices of FIG.2 .

FIGS. 4-6 are flow charts of example processes for updating a machinelearning fraud model based on third party transaction information.

DETAILED DESCRIPTION

The following detailed description of example implementations refers tothe accompanying drawings. The same reference numbers in differentdrawings may identify the same or similar elements.

When a device associated with a financial institution receives a requestto utilize a transaction card (e.g., a credit card, a debit card, arewards card, and/or the like), issued by the financial institution, fora transaction, the device may process the request with a fraud model(i.e., a fraud detection model) before approving the transaction. If thefraud model indicates that the transaction should be denied, the deviceassociated with the financial institution will deny the transaction andnotify a merchant device about the denial. In many instances, a user ofthe transaction card will utilize another transaction card (e.g., issuedby another financial institution) to complete the transaction. If theother financial institution approves the transaction, the user maybecome upset and may cancel the transaction card with the financialinstitution, or may begin to use the other transaction card instead ofthe transaction card. Furthermore, the approval of the transaction bythe other financial institution provides an indication of a potentialtechnical problem with the fraud model utilized by the financialinstitution.

Some implementations described herein provide a fraud platform (i.e., afraud detection platform) that updates a machine learning fraud modelbased on third party transaction information. For example, the fraudplatform may receive first transaction information associated with afirst transaction, and a first transaction card utilized for the firsttransaction and associated with a first financial institution. The fraudplatform may determine, based on a fraud model, that the firsttransaction is to be denied due to potential fraud associated with thefirst transaction card, and may receive second transaction informationassociated with a second transaction and a second transaction cardutilized for the second transaction and associated with a secondfinancial institution. The fraud platform may process the firsttransaction information and the second transaction information, with amatching model, to determine whether the first transaction informationmatches the second transaction information and may determine that thefirst transaction was incorrectly denied, if the first transactioninformation matches the second transaction information within apredetermined threshold. The fraud platform may perform one or moreactions based on determining that the first transaction was incorrectlydenied.

While implementations have been described in connection with transactioncards by way of example, implementations described herein may beutilized with transaction accounts (e.g., a credit card account, asavings account, a checking account, a debit card account, a rewardscard account, and/or the like) that is associated with a paymentapplication executing on a user device.

In this way, the fraud platform quickly recognizes an incorrectly deniedtransaction and may attempt to compensate a customer associated with theincorrectly denied transaction for the inconvenience. Therefore, thefraud platform attempts to prevent losing the customer due to the deniedtransaction and improves customer service. The fraud platform alsoupdates training data associated with the fraud model, based on theincorrectly denied transaction, so that the fraud model does not denysimilar transactions in the future. This conserves resources (e.g.,processing resources, memory resources, and/or the like) that wouldotherwise be wasted in attempting to retain customers inconvenienced bya faulty fraud model.

FIGS. 1A-1G are diagrams of an example implementation 100 describedherein. As shown in FIG. 1A, a user device may be associated with a user(e.g., a customer), a first transaction card (e.g., transaction card 1),a merchant server device, and a fraud platform. The user of the userdevice may utilize the user device and/or the first transaction card toconduct a first transaction with the merchant server device. Forexample, a transaction account associated with the first transactioncard may be associated with in a payment application executing on theuser device, and the user may utilize the transaction account in thepayment application to purchase a good and/or a service offered by amerchant associated with the merchant server device.

As further shown in FIG. 1A, and by reference number 105, the fraudplatform may receive first transaction information from the merchantserver device based on the user device utilizing the first transactioncard to conduct the first transaction. In some implementations, thefirst transaction information may include information associated withthe first transaction, the first transaction card, a first financialinstitution (e.g., financial institution 1) associated with the firsttransaction card and/or the user, the user performing the firsttransaction, the merchant associated with the merchant server device,and/or the like. In some implementations, the fraud platform may beassociated with the first financial institution associated with thefirst transaction card and/or the user.

As further shown in FIG. 1A, the fraud platform may determine, based ona fraud model (e.g., a machine learning model), potential fraudassociated with the first transaction card. In some implementations, thefraud platform may utilize the fraud model to determine whether toapprove or deny transactions associated with transaction cards. Forexample, if the fraud model detects potential fraud associated with thefirst transaction card, the fraud platform may deny the firsttransaction. If the fraud model fails to detect potential fraudassociated with the first transaction card, the fraud platform mayapprove the first transaction. In the example shown in FIG. 1A, sincethe fraud model detects potential fraud associated with the firsttransaction card, the fraud platform may deny the first transaction. Insome implementations, the fraud platform may be part of or incommunication with an authorization platform that approves and/or deniestransactions.

As further shown in FIG. 1A, and by reference number 110, the fraudplatform may provide, to the merchant server device, informationindicating that the first transaction is denied due to potential fraudassociated with the first transaction card. In some implementations, themerchant server device may provide, for display to the merchant, theinformation indicating that the first transaction is denied for thefirst transaction card. In such implementations, the merchant may informthe user that the first transaction card was not approved for the firsttransaction.

As shown in FIG. 1B, in some implementations, the user may attempt asecond transaction (e.g., another attempt at the first transaction) witha second transaction card associated with a second financial institution(e.g., financial institution 2) that is different than the firstfinancial institution. The user of the user device may utilize the userdevice and/or the second transaction card to conduct the secondtransaction with the merchant server device. For example, a secondtransaction account may be associated with the payment applicationexecuting on the user device, and the user may utilize the secondtransaction account in the payment application to purchase the goodand/or the service offered by the merchant.

As further shown in FIG. 1B, and by reference number 115, a serverdevice associated with the second financial institution may receiveinformation associated with the second transaction, the secondtransaction card, the second financial institution associated with thesecond transaction card and/or the user, the user performing the secondtransaction, the merchant associated with the merchant server device,and/or the like. In some implementations, the server device associatedwith the second financial institution may approve the second transactionbased on failing to detect potential fraud associated with the secondtransaction card.

As further shown in FIG. 1B, and by reference number 120, the serverdevice associated with the second financial institution may provide, tothe merchant server device, information indicating that the secondtransaction is approved for the second transaction card. In someimplementations, the merchant server device may provide, for display tothe merchant, the information indicating that the second transaction isapproved for the second transaction card. In such implementations, themerchant may inform the user that the second transaction card wasapproved for the second transaction.

As shown in FIG. 1C, and by reference number 125, the fraud platform mayreceive, from the server device associated with the second financialinstitution, second transaction information based on the user deviceutilizing the second transaction card to conduct the second transaction.In some implementations, the second transaction information may includeinformation associated with the second transaction, the secondtransaction card, the second financial institution associated with thesecond transaction card and/or the user, the user performing the secondtransaction, the merchant associated with the merchant server device,and/or the like. In some implementations, the fraud platform may receivethe second transaction information in real time, near-real time,periodically, and/or the like. In some implementations, the fraudplatform may receive the second transaction information from third partysources rather than directly from the server device associated with thesecond financial institution. In some implementations, the fraudplatform may receive the second transaction information by scraping thesecond transaction information from the payment application executing onthe user device.

As shown in FIG. 1D, and by reference number 130, the fraud platform mayprocess the second transaction information to generate processed secondtransaction information with a same format as the first transactioninformation. In some implementations, the fraud platform may use one ormore processing techniques on the second transaction information togenerate the processed second transaction information. For example, thefraud platform may utilize a natural language processing technique, adata cleansing method, and/or the like, to process the secondtransaction information and generate the processed second transactioninformation.

In some implementations, the fraud platform may apply natural languageprocessing to interpret the second transaction information and generateadditional information associated with the potential meaning ofinformation within the second transaction information. Natural languageprocessing involves techniques performed (e.g., by a computer system) toanalyze, understand, and derive meaning from human language in a usefulway. Rather than treating text like a mere sequence of symbols, naturallanguage processing considers a hierarchical structure of language(e.g., several words can be treated as a phrase, several phrases can betreated as a sentence, and the words, phrases, and/or sentences conveyideas that can be interpreted). Natural language processing can beapplied to analyze text, allowing machines to understand how humansspeak, enabling real world applications such as automatic textsummarization, sentiment analysis, topic extraction, named entityrecognition, parts-of-speech tagging, relationship extraction, stemming,and/or the like.

In some implementations, the fraud platform may utilize a data cleansingmethod to process the second transaction information and to detectand/or correct corrupt or inaccurate data in the second transactioninformation. The data cleansing method may include detecting andcorrecting (or removing) corrupt or inaccurate data (e.g., records froma record set, table, or database), and then replacing, modifying, ordeleting the corrupt or inaccurate data. The data cleansing method maydetect and correct inconsistencies originally caused by user entryerrors, by corruption in transmission or storage, or by utilization ofdifferent definitions for similar data in different data stores. Thedata cleansing method may include removing typographical errors orvalidating and correcting values against a known list of entities. Inthis case, validation may be strict (e.g., rejecting any address thatdoes not have a valid postal code) or fuzzy (e.g., correcting recordsthat partially match existing, known records). The data cleansing methodmay also include cleaning data by cross checking the data with avalidated data set, standardizing the data by changing a reference dataset to a new standard (e.g., use of standard codes), and/or the like.Additionally, the data cleansing method may include data enhancement,where data is made more complete by adding related information (e.g.,appending an address with any phone number related to that address). Thedata cleansing method may also involve activities, such as harmonizationof data (e.g., harmonization of short codes (e.g., St., Rd., and/or thelike)) to actual words (e.g., street, road, and/or the like).

In this way, the fraud platform may process the second transactioninformation to generate the processed second transaction information.

As shown in FIG. 1E, and by reference number 135, the fraud platform mayprocess the first transaction information and the processed secondtransaction information, with a matching model, to determine whether thefirst transaction information matches the processed second transactioninformation. In some implementations, the matching model may determinewhether the first transaction information matches the processed secondtransaction information based on comparing an amount associated with thefirst transaction and an amount associated with the second transaction,comparing information indicating a merchant associated with the firsttransaction and information indicating a merchant associated with thesecond transaction, comparing information indicating a locationassociated with the first transaction and information indicating alocation associated with the second transaction, comparing informationindicating whether the first transaction occurred online or at aphysical location and information indicating whether the secondtransaction occurred online or at a physical location, comparinginformation indicating a time associated with the first transaction andinformation indicating a time associated with the second transaction,comparing information indicating a date associated with the firsttransaction and information indicating a date associated with the secondtransaction, and/or the like. In some implementations, the firsttransaction information may match and/or substantially match theprocessed second transaction information when one or more of thepreviously-mentioned parameters match for both the first transactioninformation and the processed second transaction information; whenparameters associated with the first transaction information matchparameters associated with the processed second transaction informationwithin a predetermined threshold (e.g., when 60%, 70%, 80%, and/or thelike of the first transaction information parameters match the processedsecond transaction information parameters); and/or the like.

In some implementations, the matching model may include a machinelearning model (e.g., a pattern recognition model) that is trained andreceived by the fraud platform from another source. In someimplementations, the fraud platform may perform a training operation onthe matching model, with historical data. The historical data mayinclude data identifying historical transactions associated withtransaction cards, amounts associated with the historical transactions,merchants associated with the historical transactions, locationsassociated with the historical transactions, whether the historicaltransactions occurred online or at physical locations, which of thehistorical transactions are associated with the same transaction butdifferent transaction cards, and/or the like.

The fraud platform may separate the historical data into a training set,a validation set, a test set, and/or the like. The training set may beutilized to train the matching model. The validation set may be utilizedto validate results of the trained matching model. The test set may beutilized to test operations of the matching model. In someimplementations, the fraud platform may train the matching model using,for example, an unsupervised training procedure and based on thehistorical data. For example, the fraud platform may performdimensionality reduction to reduce the historical data to a minimumfeature set, thereby reducing resources (e.g., processing resources,memory resources, and/or the like) to train the matching model and mayapply a classification technique to the minimum feature set.

In some implementations, the fraud platform may use a logisticregression classification technique to determine a categorical outcome(e.g., historical transactions that are associated with the sametransaction but different transaction cards). Additionally, oralternatively, the fraud platform may use a naive Bayesian classifiertechnique. In this case, the fraud platform may perform binary recursivepartitioning to split the historical data into partitions and/orbranches and use the partitions and/or branches to perform predictions(e.g., identifying historical transactions that are associated with thesame transaction but different transaction cards). Based on usingrecursive partitioning, the fraud platform may reduce utilization ofcomputing resources relative to manual, linear sorting and analysis ofdata points, thereby enabling use of thousands, millions, or billions ofdata points to train the matching model, which may result in a moreaccurate model than using fewer data points.

Additionally, or alternatively, the fraud platform may use a supportvector machine (SVM) classifier technique to generate a non-linearboundary between data points in the training set. In this case, thenon-linear boundary is used to classify test data into a particularclass or classes.

Additionally, or alternatively, the fraud platform may train thematching model using a supervised training procedure that includesreceiving input to the matching model from a subject matter expert,which may reduce an amount of time, an amount of processing resources,and/or the like to train the matching model relative to an unsupervisedtraining procedure. In some implementations, the fraud platform may useone or more other model training techniques, such as a neural networktechnique, a latent semantic indexing technique, and/or the like. Forexample, the fraud platform may perform an artificial neural networkprocessing technique (e.g., using a two-layer feedforward neural networkarchitecture, a three-layer feedforward neural network architecture,and/or the like) to perform pattern recognition with regard to patternsof the historical data. In this case, using the artificial neuralnetwork processing technique may improve an accuracy of the trainedmatching model generated by the fraud platform by being more robust tonoisy, imprecise, or incomplete data, and by enabling the fraud platformto detect patterns and/or trends undetectable to human analysts orsystems using less complex techniques.

As shown in FIG. 1F, and by reference number 140, the fraud platform maydetermine that the first transaction was incorrectly denied due topotential fraud associated with the first transaction card when thefirst transaction information matches the processed second transactioninformation. In some implementations, when the matching model determinesthat the first transaction information matches the processed secondtransaction information, the fraud platform may determine that the firsttransaction was incorrectly denied due to potential fraud associatedwith the first transaction card since the second transaction wasapproved and matches the first transaction. In some implementations,when the matching model determines that the first transactioninformation fails to match the processed second transaction information,the fraud platform may determine that the first transaction wascorrectly denied due to potential fraud associated with the firsttransaction card.

As shown in FIG. 1G, and by reference number 145, the fraud platform mayautomatically perform one or more actions based on determining that thefirst transaction was incorrectly denied due to potential fraud. In someimplementations, the one or more actions may include the fraud platformupdating training data for the fraud model and retraining the fraudmodel with the updated training data. In this way, the fraud model isupdated so that users are less likely to be inconvenienced in the futurewith incorrect transaction denials, which conserves resources that wouldotherwise be wasted in processing additional and unnecessarytransactions due to such incorrect transaction denials.

In some implementations, the one or more actions may include the fraudplatform providing a customer service communication (e.g., a call, atext, an email, and/or the like) to the user device associated with theuser. For example, the customer service communication may indicate thatthe transaction was incorrectly denied and may apologize to the user forthe inconvenience. In this way, the fraud platform minimizes damagedcustomer relations with the user caused by the incorrect denial of thetransaction.

In some implementations, the one or more actions may include the fraudplatform providing reward points, a gift, and/or the like to an accountassociated with the user. In this way, the fraud platform quicklyrecognizes the incorrectly denied transaction and promptly compensatesthe user for the inconvenience, which may prevent losing the user due tothe denied transaction and improves customer service.

In some implementations, the one or more actions may include the fraudplatform providing a communication (e.g., a call, a text, an email,and/or the like) to the user device associated with the user, to confirmthat the first transaction was incorrectly denied. In this way, thefraud platform minimizes damaged customer relations with the user causedby the incorrect denial of the transaction and conserves resources thatwould otherwise be wasted by the user attempting to contact the firstfinancial institution about the incorrectly denied transaction.

In some implementations, the one or more actions may include the fraudplatform removing a fraud lock on the first transaction card. In thisway, the user is able to promptly utilize the first transaction card forfuture transactions, which conserves resources that would otherwise bewasted by the user attempting to contact the first financial institutionabout the fraud lock.

In some implementations, the one or more actions may include the fraudplatform offering a promotion (e.g., a free checking account) to theuser. In this way, the fraud platform quickly recognizes the incorrectlydenied transaction and promptly compensates the user for theinconvenience, which prevents losing the user due to the deniedtransaction and improves customer service.

In some implementations, the one or more actions may include the fraudplatform increasing a spending limit associated with the firsttransaction card. In this way, the fraud platform promptly compensatesthe user for the inconvenience, which prevents losing the user due tothe denied transaction and improves customer service.

In some implementations, the one or more actions may include the fraudplatform reducing an interest rate associated with the first transactioncard. In this way, the fraud platform promptly compensates the user forthe inconvenience, which prevents losing the user due to the deniedtransaction and improves customer service.

In some implementations, the one or more actions may include the fraudplatform increasing a cash back offer associated with the firsttransaction card. In this way, the fraud platform promptly compensatesthe user for the inconvenience, which prevents losing the user due tothe denied transaction and improves customer service.

In this way, several different stages of the process for updating amachine learning fraud model and taking actions to remedy erroneousdenials may be automated based on third party transaction information,which may remove human subjectivity and waste from the process, andwhich may improve speed and efficiency of the process and conservecomputing resources (e.g., processing resources, memory resources,and/or the like). Furthermore, implementations described herein use arigorous, computerized process to perform tasks or roles that were notpreviously performed or were previously performed using subjective humanintuition or input. For example, currently there does not exist atechnique that updates a machine learning fraud model based on thirdparty transaction information. Finally, automating the process forupdating a machine learning fraud model based on third party transactioninformation conserves computing resources (e.g., processing resources,memory resources, and/or the like) that would otherwise be wasted inattempting to rectify transactions that were incorrectly denied by themachine learning fraud model.

As indicated above, FIGS. 1A-1G are provided merely as examples. Otherexamples may differ from what is described with regard to FIGS. 1A-1G.

FIG. 2 is a diagram of an example environment 200 in which systemsand/or methods described herein may be implemented. As shown in FIG. 2 ,environment 200 may include a user device 210, a fraud platform 220, anetwork 230, and a server device 240. Devices of environment 200 mayinterconnect via wired connections, wireless connections, or acombination of wired and wireless connections.

User device 210 includes one or more devices capable of receiving,generating, storing, processing, and/or providing information, such astransaction information described herein. For example, user device 210may include a mobile phone (e.g., a smart phone, a radiotelephone,etc.), a laptop computer, a tablet computer, a desktop computer, ahandheld computer, a gaming device, a wearable communication device(e.g., a smart wristwatch, a pair of smart eyeglasses, etc.), or asimilar type of device. In some implementations, user device 210 mayreceive information from and/or transmit information to fraud platform220 and/or server device 240.

Fraud platform 220 includes one or more devices that update a machinelearning fraud model based on third party transaction information. Insome implementations, fraud platform 220 may be designed to be modularsuch that certain software components may be swapped in or out dependingon a particular need. As such, fraud platform 220 may be easily and/orquickly reconfigured for different uses. In some implementations, fraudplatform 220 may receive information from and/or transmit information toone or more user devices 210 and/or server devices 240.

In some implementations, as shown, fraud platform 220 may be hosted in acloud computing environment 222. Notably, while implementationsdescribed herein describe fraud platform 220 as being hosted in cloudcomputing environment 222, in some implementations, fraud platform 220may be non-cloud-based (i.e., may be implemented outside of a cloudcomputing environment) or may be partially cloud-based.

Cloud computing environment 222 includes an environment that hosts fraudplatform 220. Cloud computing environment 222 may provide computation,software, data access, storage, etc. services that do not requireend-user knowledge of a physical location and configuration of system(s)and/or device(s) that host fraud platform 220. As shown, cloud computingenvironment 222 may include a group of computing resources 224 (referredto collectively as “computing resources 224” and individually as“computing resource 224”).

Computing resource 224 includes one or more personal computers,workstation computers, server devices, and/or other types of computationand/or communication devices. In some implementations, computingresource 224 may host fraud platform 220. The cloud resources mayinclude compute instances executing in computing resource 224, storagedevices provided in computing resource 224, data transfer devicesprovided by computing resource 224, etc. In some implementations,computing resource 224 may communicate with other computing resources224 via wired connections, wireless connections, or a combination ofwired and wireless connections.

As further shown in FIG. 2 , computing resource 224 includes a group ofcloud resources, such as one or more applications (“APPs”) 224-1, one ormore virtual machines (“VMs”) 224-2, virtualized storage (“VSs”) 224-3,one or more hypervisors (“HYPs”) 224-4, and/or the like.

Application 224-1 includes one or more software applications that may beprovided to or accessed by user device 210. Application 224-1 mayeliminate a need to install and execute the software applications onuser device 210. For example, application 224-1 may include softwareassociated with fraud platform 220 and/or any other software capable ofbeing provided via cloud computing environment 222. In someimplementations, one application 224-1 may send/receive informationto/from one or more other applications 224-1, via virtual machine 224-2.

Virtual machine 224-2 includes a software implementation of a machine(e.g., a computer) that executes programs like a physical machine.Virtual machine 224-2 may be either a system virtual machine or aprocess virtual machine, depending upon use and degree of correspondenceto any real machine by virtual machine 224-2. A system virtual machinemay provide a complete system platform that supports execution of acomplete operating system (“OS”). A process virtual machine may executea single program and may support a single process. In someimplementations, virtual machine 224-2 may execute on behalf of a user(e.g., a user of user device 210 and/or server device 240 or an operatorof fraud platform 220), and may manage infrastructure of cloud computingenvironment 222, such as data management, synchronization, orlong-duration data transfers.

Virtualized storage 224-3 includes one or more storage systems and/orone or more devices that use virtualization techniques within thestorage systems or devices of computing resource 224. In someimplementations, within the context of a storage system, types ofvirtualizations may include block virtualization and filevirtualization. Block virtualization may refer to abstraction (orseparation) of logical storage from physical storage so that the storagesystem may be accessed without regard to physical storage orheterogeneous structure. The separation may permit administrators of thestorage system flexibility in how the administrators manage storage forend users. File virtualization may eliminate dependencies between dataaccessed at a file level and a location where files are physicallystored. This may enable optimization of storage use, serverconsolidation, and/or performance of non-disruptive file migrations.

Hypervisor 224-4 may provide hardware virtualization techniques thatallow multiple operating systems (e.g., “guest operating systems”) toexecute concurrently on a host computer, such as computing resource 224.Hypervisor 224-4 may present a virtual operating platform to the guestoperating systems and may manage the execution of the guest operatingsystems. Multiple instances of a variety of operating systems may sharevirtualized hardware resources.

Network 230 includes one or more wired and/or wireless networks. Forexample, network 230 may include a cellular network (e.g., a fifthgeneration (5G) network, a long-term evolution (LTE) network, a thirdgeneration (3G) network, a code division multiple access (CDMA) network,etc.), a public land mobile network (PLMN), a local area network (LAN),a wide area network (WAN), a metropolitan area network (MAN), atelephone network (e.g., the Public Switched Telephone Network (PSTN)),a private network, an ad hoc network, an intranet, the Internet, a fiberoptic-based network, and/or the like, and/or a combination of these orother types of networks.

Server device 240 includes one or more devices capable of receiving,generating, storing, processing, and/or providing information, such asinformation described herein. For example, server device 240 may includea laptop computer, a tablet computer, a desktop computer, a serverdevice, a group of server devices, or a similar type of device,associated with a merchant, a financial institution, and/or the like. Insome implementations, server device 240 may receive information fromand/or transmit information to user device 210 and/or fraud platform220.

The number and arrangement of devices and networks shown in FIG. 2 areprovided as an example. In practice, there may be additional devicesand/or networks, fewer devices and/or networks, different devices and/ornetworks, or differently arranged devices and/or networks than thoseshown in FIG. 2 . Furthermore, two or more devices shown in FIG. 2 maybe implemented within a single device, or a single device shown in FIG.2 may be implemented as multiple, distributed devices. Additionally, oralternatively, a set of devices (e.g., one or more devices) ofenvironment 200 may perform one or more functions described as beingperformed by another set of devices of environment 200.

FIG. 3 is a diagram of example components of a device 300. Device 300may correspond to user device 210, fraud platform 220, computingresource 224, and/or server device 240. In some implementations, userdevice 210, fraud platform 220, computing resource 224, and/or serverdevice 240 may include one or more devices 300 and/or one or morecomponents of device 300. As shown in FIG. 3 , device 300 may include abus 310, a processor 320, a memory 330, a storage component 340, aninput component 350, an output component 360, and/or a communicationinterface 370.

Bus 310 includes a component that permits communication among thecomponents of device 300. Processor 320 is implemented in hardware,firmware, and/or a combination of hardware and software. Processor 320is a central processing unit (CPU), a graphics processing unit (GPU), anaccelerated processing unit (APU), a microprocessor, a microcontroller,a digital signal processor (DSP), a field-programmable gate array(FPGA), an application-specific integrated circuit (ASIC), or anothertype of processing component. In some implementations, processor 320includes one or more processors capable of being programmed to perform afunction. Memory 330 includes a random-access memory (RAM), a read onlymemory (ROM), and/or another type of dynamic or static storage device(e.g., a flash memory, a magnetic memory, and/or an optical memory) thatstores information and/or instructions for use by processor 320.

Storage component 340 stores information and/or software related to theoperation and use of device 300. For example, storage component 340 mayinclude a hard disk (e.g., a magnetic disk, an optical disk, amagneto-optic disk, and/or a solid-state disk), a compact disc (CD), adigital versatile disc (DVD), a floppy disk, a cartridge, a magnetictape, and/or another type of non-transitory computer-readable medium,along with a corresponding drive.

Input component 350 includes a component that permits device 300 toreceive information, such as via user input (e.g., a touch screendisplay, a keyboard, a keypad, a mouse, a button, a switch, and/or amicrophone). Additionally, or alternatively, input component 350 mayinclude a sensor for sensing information (e.g., a global positioningsystem (GPS) component, an accelerometer, a gyroscope, and/or anactuator). Output component 360 includes a component that providesoutput information from device 300 (e.g., a display, a speaker, and/orone or more light-emitting diodes (LEDs)).

Communication interface 370 includes a transceiver-like component (e.g.,a transceiver and/or a separate receiver and transmitter) that enablesdevice 300 to communicate with other devices, such as via a wiredconnection, a wireless connection, or a combination of wired andwireless connections. Communication interface 370 may permit device 300to receive information from another device and/or provide information toanother device. For example, communication interface 370 may include anEthernet interface, an optical interface, a coaxial interface, aninfrared interface, a radio frequency (RF) interface, a universal serialbus (USB) interface, a Wi-Fi interface, a cellular network interface,and/or the like.

Device 300 may perform one or more processes described herein. Device300 may perform these processes based on processor 320 executingsoftware instructions stored by a non-transitory computer-readablemedium, such as memory 330 and/or storage component 340. Acomputer-readable medium is defined herein as a non-transitory memorydevice. A memory device includes memory space within a single physicalstorage device or memory space spread across multiple physical storagedevices.

Software instructions may be read into memory 330 and/or storagecomponent 340 from another computer-readable medium or from anotherdevice via communication interface 370. When executed, softwareinstructions stored in memory 330 and/or storage component 340 may causeprocessor 320 to perform one or more processes described herein.Additionally, or alternatively, hardwired circuitry may be used in placeof or in combination with software instructions to perform one or moreprocesses described herein. Thus, implementations described herein arenot limited to any specific combination of hardware circuitry andsoftware.

The number and arrangement of components shown in FIG. 3 are provided asan example. In practice, device 300 may include additional components,fewer components, different components, or differently arrangedcomponents than those shown in FIG. 3 . Additionally, or alternatively,a set of components (e.g., one or more components) of device 300 mayperform one or more functions described as being performed by anotherset of components of device 300.

FIG. 4 is a flow chart of an example process 400 for updating a machinelearning fraud model based on third party transaction information. Insome implementations, one or more process blocks of FIG. 4 may beperformed by a fraud platform (e.g., fraud platform 220). In someimplementations, one or more process blocks of FIG. 4 may be performedby another device or a group of devices separate from or including thefraud platform, such as a user device (e.g., user device 210) and/or aserver device (e.g., server device 240).

As shown in FIG. 4 , process 400 may include receiving first transactioninformation associated with a first transaction, wherein the firsttransaction information includes information associated with the firsttransaction, and a first transaction card utilized for the firsttransaction and associated with a first financial institution (block410). For example, the fraud platform (e.g., using computing resource224, processor 320, communication interface 370, and/or the like) mayreceive first transaction information associated with a firsttransaction, as described above in connection with FIG. 1A-2. In someimplementations, the first transaction information may includeinformation associated with the first transaction, and a firsttransaction card utilized for the first transaction and associated witha first financial institution.

As further shown in FIG. 4 , process 400 may include determining, basedon a fraud model, that the first transaction is to be denied due topotential fraud associated with the first transaction card (block 420).For example, the fraud platform (e.g., using computing resource 224,processor 320, memory 330, and/or the like) may determine, based on afraud model, that the first transaction is to be denied due to potentialfraud associated with the first transaction card, as described above inconnection with FIG. 1A-2.

As further shown in FIG. 4 , process 400 may include receiving secondtransaction information associated with a second transaction, whereinthe second transaction information includes information associated withthe second transaction and a second transaction card utilized for thesecond transaction and associated with a second financial institution(block 430). For example, the fraud platform (e.g., using computingresource 224, processor 320, communication interface 370, and/or thelike) may receive second transaction information associated with asecond transaction, as described above in connection with FIG. 1A-2. Insome implementations, the second transaction information may includeinformation associated with the second transaction, and informationassociated with a second transaction card utilized for the secondtransaction and associated with a second financial institution.

As further shown in FIG. 4 , process 400 may include processing thefirst transaction information and the second transaction information,with a matching model, to determine whether the first transactioninformation matches the second transaction information (block 440). Forexample, the fraud platform (e.g., using computing resource 224,processor 320, memory 330, and/or the like) may process the firsttransaction information and the second transaction information, with amatching model, to determine whether the first transaction informationmatches the second transaction information, as described above inconnection with FIG. 1A-2.

As further shown in FIG. 4 , process 400 may include determining thatthe first transaction was incorrectly denied, due to the potential fraudassociated with the first transaction card, when the first transactioninformation matches the second transaction information within apredetermined threshold (block 450). For example, the fraud platform(e.g., using computing resource 224, processor 320, storage component340, and/or the like) may determine that the first transaction wasincorrectly denied, due to the potential fraud associated with the firsttransaction card, when the first transaction information matches thesecond transaction information within a predetermined threshold, asdescribed above in connection with FIG. 1A-2.

As further shown in FIG. 4 , process 400 may include performing one ormore actions based on determining that the first transaction wasincorrectly denied (block 460). For example, the fraud platform (e.g.,using computing resource 224, processor 320, memory 330, communicationinterface 370, and/or the like) may perform one or more actions based ondetermining that the first transaction was incorrectly denied, asdescribed above in connection with FIG. 1A-2.

Process 400 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or described with regard to any other process described herein.

In some implementations, the fraud platform may process the secondtransaction information to generate processed second transactioninformation with a same format as the first transaction information. Insome implementations, when performing the one or more actions, the fraudplatform may update training data for the fraud model, based onparameters of the fraud model that caused the first transaction to beincorrectly denied, to generate updated training data, and may retrainthe fraud model with the updated training data.

In some implementations, when performing the one or more actions, thefraud platform may provide a customer service communication to a userdevice associated with a user of the first transaction card and thesecond transaction card, may provide reward points to an accountassociated with the user, may provide, to the user device, acommunication requesting confirmation that the first transaction wasincorrectly denied, and/or may remove a fraud lock on the firsttransaction card.

In some implementations, when performing the one or more actions, thefraud platform may provide a promotion to a user device associated witha user of the first transaction card and the second transaction card,may increase a spending limit associated with the first transactioncard, may reduce an interest rate associated with the first transactioncard, and/or may increase a cash back offer associated with the firsttransaction card.

In some implementations, when processing the first transactioninformation and the second transaction information with the matchingmodel, the fraud platform may compare a first amount associated with thefirst transaction and a second amount associated with the secondtransaction, may compare first merchant information associated with thefirst transaction and second merchant information associated with thesecond transaction, may compare first location information associatedwith the first transaction and second location information associatedwith the second transaction, may compare first source informationindicating whether the first transaction occurred online or at a firstphysical location and second source information indicating whether thesecond transaction occurred online or at a second physical location, maycompare first time information associated with the first transaction andsecond time information associated with the second transaction, maycompare first date information associated with the first transaction andsecond date information associated with the second transaction, and/orthe like.

In some implementations, when receiving the second transactioninformation associated with the second transaction, the fraud platformmay receive the second transaction information from the second financialinstitution, from a third party, or via scraping.

Although FIG. 4 shows example blocks of process 400, in someimplementations, process 400 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 4 . Additionally, or alternatively, two or more of theblocks of process 400 may be performed in parallel.

FIG. 5 is a flow chart of an example process 500 for updating a machinelearning fraud model based on third party transaction information. Insome implementations, one or more process blocks of FIG. 5 may beperformed by a fraud platform (e.g., fraud platform 220). In someimplementations, one or more process blocks of FIG. 5 may be performedby another device or a group of devices separate from or including thefraud platform, such as a user device (e.g., user device 210) and/or aserver device (e.g., server device 240).

As shown in FIG. 5 , process 500 may include receiving first transactioninformation associated with a first transaction, wherein the firsttransaction information includes information associated with the firsttransaction, and a first transaction card utilized for the firsttransaction and associated with a first financial institution (block510). For example, the fraud platform (e.g., using computing resource224, processor 320, communication interface 370, and/or the like) mayreceive first transaction information associated with a firsttransaction, as described above in connection with FIG. 1A-2. In someimplementations, the first transaction information may includeinformation associated with the first transaction, and informationassociated with a first transaction card utilized for the firsttransaction and associated with a first financial institution.

As further shown in FIG. 5 , process 500 may include denying, based on afraud model, the first transaction, due to potential fraud associatedwith the first transaction card (block 520). For example, the fraudplatform (e.g., using computing resource 224, processor 320, memory 330,and/or the like) may deny, based on a fraud model, the first transactiondue to potential fraud associated with the first transaction card, asdescribed above in connection with FIG. 1A-2.

As further shown in FIG. 5 , process 500 may include receiving secondtransaction information associated with a second transaction, whereinthe second transaction information includes information associated withthe second transaction, and a second transaction card utilized for thesecond transaction and associated with a second financial institution(block 530). For example, the fraud platform (e.g., using computingresource 224, processor 320, communication interface 370, and/or thelike) may receive second transaction information associated with asecond transaction, as described above in connection with FIG. 1A-2. Insome implementations, the second transaction information may includeinformation associated with the second transaction, and informationassociated with a second transaction card utilized for the secondtransaction and associated with a second financial institution.

As further shown in FIG. 5 , process 500 may include processing thesecond transaction information to generate processed second transactioninformation with substantially a same format as the first transactioninformation (block 540). For example, the fraud platform (e.g., usingcomputing resource 224, processor 320, storage component 340, and/or thelike) may process the second transaction information to generateprocessed second transaction information with substantially a sameformat as the first transaction information, as described above inconnection with FIG. 1A-2.

As further shown in FIG. 5 , process 500 may include processing thefirst transaction information and the processed second transactioninformation, with a matching model, to determine whether the firsttransaction information matches the processed second transactioninformation (block 550). For example, the fraud platform (e.g., usingcomputing resource 224, processor 320, memory 330, and/or the like) mayprocess the first transaction information and the processed secondtransaction information, with a matching model, to determine whether thefirst transaction information matches the processed second transactioninformation, as described above in connection with FIG. 1A-2.

As further shown in FIG. 5 , process 500 may include determining thatthe first transaction was incorrectly denied, due to the potential fraudassociated with the first transaction card, when the first transactioninformation matches the processed second transaction information withina predetermined threshold (block 560). For example, the fraud platform(e.g., using computing resource 224, processor 320, storage component340, and/or the like) may determine that the first transaction wasincorrectly denied, due to the potential fraud associated with the firsttransaction card, when the first transaction information matches theprocessed second transaction information within a predeterminedthreshold, as described above in connection with FIG. 1A-2.

As further shown in FIG. 5 , process 500 may include performing one ormore actions based on determining that the first transaction wasincorrectly denied (block 570). For example, the fraud platform (e.g.,using computing resource 224, processor 320, memory 330, communicationinterface 370, and/or the like) may perform one or more actions based ondetermining that the first transaction was incorrectly denied, asdescribed above in connection with FIG. 1A-2.

Process 500 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or described with regard to any other process described herein.

In some implementations, the matching model may include a fuzzymatching-based machine learning model. In some implementations, whenperforming the one or more actions, the fraud platform may updatetraining data for the fraud model, based on parameters of the fraudmodel that caused the first transaction to be incorrectly denied, togenerate updated training data, and may retrain the fraud model with theupdated training data.

In some implementations, when performing the one or more actions, thefraud platform may provide a customer service communication to a userdevice associated with a user of the first transaction card and thesecond transaction card, may provide reward points to an accountassociated with the user; may provide, to the user device, acommunication requesting confirmation that the first transaction wasincorrectly denied; may remove a fraud lock on the first transactioncard, may provide a promotion to the user device; may increase aspending limit associated with the first transaction card; may reduce aninterest rate associated with the first transaction card; and/or mayincrease a cash back offer associated with the first transaction card.

In some implementations, when processing the second transactioninformation to generate the processed second transaction information,the fraud platform may process the second transaction information with adata cleansing technique to generate cleansed second transactioninformation, and may correlate the cleansed second transactioninformation with the first transaction information to generate theprocessed second transaction information with substantially the sameformat as the first transaction information.

In some implementations, when processing the first transactioninformation and the processed second transaction information with thematching model, the fraud platform may compare a first amount associatedwith the first transaction and a second amount associated with thesecond transaction, may compare first merchant information associatedwith the first transaction and second merchant information associatedwith the second transaction, may compare first location informationassociated with the first transaction and second location informationassociated with the second transaction, may compare first sourceinformation indicating whether the first transaction occurred online orat a first physical location and second source information indicatingwhether the second transaction occurred online or at a second physicallocation, may compare first time information associated with the firsttransaction and second time information associated with the secondtransaction, may compare first date information associated with thefirst transaction and second date information associated with the secondtransaction, and/or the like.

In some implementations, when receiving the first transactioninformation associated with the first transaction, the fraud platformmay receive the first transaction information from the first financialinstitution or a merchant associated with the first transaction.

Although FIG. 5 shows example blocks of process 500, in someimplementations, process 500 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 5 . Additionally, or alternatively, two or more of theblocks of process 500 may be performed in parallel.

FIG. 6 is a flow chart of an example process 600 for updating a machinelearning fraud model based on third party transaction information. Insome implementations, one or more process blocks of FIG. 6 may beperformed by a fraud platform (e.g., fraud platform 220). In someimplementations, one or more process blocks of FIG. 6 may be performedby another device or a group of devices separate from or including thefraud platform, such as a user device (e.g., user device 210) and/or aserver device (e.g., server device 240).

As shown in FIG. 6 , process 600 may include receiving first transactioninformation associated with a first transaction, wherein the firsttransaction information includes information associated with the firsttransaction, and a first transaction account utilized for the firsttransaction and associated with a first financial institution, andwherein the first transaction information includes informationindicating that the first transaction was denied due to potential fraudassociated with the first transaction account (block 610). For example,the fraud platform (e.g., using computing resource 224, processor 320,communication interface 370, and/or the like) may receive firsttransaction information associated with a first transaction, asdescribed above in connection with FIG. 1A-2. In some implementations,the first transaction information may include information associatedwith the first transaction, and with a first transaction accountutilized for the first transaction and associated with a first financialinstitution. In some implementations, the first transaction informationmay include information indicating that the first transaction was denieddue to potential fraud associated with the first transaction account.

As further shown in FIG. 6 , process 600 may include receiving secondtransaction information associated with a second transaction, whereinthe second transaction information includes information associated withthe second transaction, and a second transaction account utilized forthe second transaction and associated with a second financialinstitution, and wherein the second transaction information includesinformation indicating that the second transaction was approved (block620). For example, the fraud platform (e.g., using computing resource224, processor 320, storage component 340, communication interface 370,and/or the like) may receive second transaction information associatedwith a second transaction, as described above in connection with FIG.1A-2. In some implementations, the second transaction information mayinclude information associated with the second transaction, and with asecond transaction account utilized for the second transaction andassociated with a second financial institution. In some implementations,the second transaction information may include information indicatingthat the second transaction was approved.

As further shown in FIG. 6 , process 600 may include processing thefirst transaction information and the second transaction information,with a matching model, to determine whether the first transactioninformation matches the second transaction information (block 630). Forexample, the fraud platform (e.g., using computing resource 224,processor 320, memory 330, and/or the like) may process the firsttransaction information and the second transaction information, with amatching model, to determine whether the first transaction informationmatches the second transaction information, as described above inconnection with FIG. 1A-2.

As further shown in FIG. 6 , process 600 may include determining thatthe first transaction was incorrectly denied, due to the potential fraudassociated with the first transaction account, when the firsttransaction information substantially matches the second transactioninformation (block 640). For example, the fraud platform (e.g., usingcomputing resource 224, processor 320, storage component 340, and/or thelike) may determine that the first transaction was incorrectly denied,due to the potential fraud associated with the first transactionaccount, when the first transaction information substantially matchesthe second transaction information, as described above in connectionwith FIG. 1A-2.

As further shown in FIG. 6 , process 600 may include updating trainingdata for a fraud model, based on parameters of the fraud model thatcaused the first transaction to be incorrectly denied, to generateupdated training data (block 650). For example, the fraud platform(e.g., using computing resource 224, processor 320, memory 330, and/orthe like) may update training data for a fraud model, based onparameters of the fraud model that caused the first transaction to beincorrectly denied, to generate updated training data, as describedabove in connection with FIG. 1A-2.

As further shown in FIG. 6 , process 600 may include retraining thefraud model with the updated training data (block 660). For example, thefraud platform (e.g., using computing resource 224, processor 320,storage component 340, and/or the like) may retrain the fraud model withthe updated training data, as described above in connection with FIG.1A-2.

Process 600 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or described with regard to any other process described herein.

In some implementations, the fraud platform may process the secondtransaction information to generate processed second transactioninformation with a same format as the first transaction information. Insome implementations, the fraud platform may perform one or more actionsbased on determining that the first transaction was incorrectly denied.

In some implementations, when performing the one or more actions, thefraud platform may provide a customer service communication to a userdevice associated with a user of the first transaction account and thesecond transaction account, may provide reward points to the firsttransaction account, may provide, to the user device, a communicationrequesting confirmation that the first transaction was incorrectlydenied, and/or may remove a fraud lock on the first transaction account.

In some implementations, when performing the one or more actions, thefraud platform may provide a promotion to a user device associated witha user of the first transaction account and the second transactionaccount, may increase a spending limit associated with the firsttransaction account, may reduce an interest rate associated with thefirst transaction account, and/or may increase a cash back offerassociated with the first transaction account.

In some implementations, when processing the first transactioninformation and the second transaction information with a matchingmodel, the fraud platform may compare a first amount associated with thefirst transaction and a second amount associated with the secondtransaction, may compare first merchant information associated with thefirst transaction and second merchant information associated with thesecond transaction, may compare first location information associatedwith the first transaction and second location information associatedwith the second transaction, may compare first source informationindicating whether the first transaction occurred online or at a firstphysical location and second source information indicating whether thesecond transaction occurred online or at a second physical location, maycompare first time information associated with the first transaction andsecond time information associated with the second transaction, maycompare first date information associated with the first transaction andsecond date information associated with the second transaction, and/orthe like.

Although FIG. 6 shows example blocks of process 600, in someimplementations, process 600 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 6 . Additionally, or alternatively, two or more of theblocks of process 600 may be performed in parallel.

The foregoing disclosure provides illustration and description but isnot intended to be exhaustive or to limit the implementations to theprecise forms disclosed. Modifications and variations may be made inlight of the above disclosure or may be acquired from practice of theimplementations.

As used herein, the term “component” is intended to be broadly construedas hardware, firmware, or a combination of hardware and software.

It will be apparent that systems and/or methods described herein may beimplemented in different forms of hardware, firmware, and/or acombination of hardware and software. The actual specialized controlhardware or software code used to implement these systems and/or methodsis not limiting of the implementations. Thus, the operation and behaviorof the systems and/or methods were described herein without reference tospecific software code-it being understood that software and hardwaremay be designed to implement the systems and/or methods based on thedescription herein.

Even though particular combinations of features are recited in theclaims and/or disclosed in the specification, these combinations are notintended to limit the disclosure of various implementations. In fact,many of these features may be combined in ways not specifically recitedin the claims and/or disclosed in the specification. Although eachdependent claim listed below may directly depend on only one claim, thedisclosure of various implementations includes each dependent claim incombination with every other claim in the claim set.

No element, act, or instruction used herein should be construed ascritical or essential unless explicitly described as such. Also, as usedherein, the articles “a” and “an” are intended to include one or moreitems and may be used interchangeably with “one or more.” Furthermore,as used herein, the term “set” is intended to include one or more items(e.g., related items, unrelated items, a combination of related andunrelated items, etc.), and may be used interchangeably with “one ormore.” Where only one item is intended, the phrase “only one” or similarlanguage is used. Also, as used herein, the terms “has,” “have,”“having,” or the like are intended to be open-ended terms. Further, thephrase “based on” is intended to mean “based, at least in part, on”unless explicitly stated otherwise.

What is claimed is:
 1. A method, comprising: receiving, by a device,first information associated with a first transaction that is related toa first account associated with a first entity; determining, by thedevice and based on a first machine learning model, that the firsttransaction is to be denied due to a potential fraud associated with thefirst account; obtaining, by the device, second information associatedwith a second transaction that is related to a second account associatedwith a second entity, wherein the first entity and the second entity aredifferent; determining, by the device and based on a second machinelearning model, whether the first information and the second informationmatch within a predetermined threshold; and performing, by the deviceand based on determining whether the first information and the secondinformation match within the predetermined threshold, an action thatincludes: removing, when the first information and the secondinformation match within the predetermined threshold, a lock associatedwith the first account to allow the first account to be utilized, ordetermining that the first transaction was correctly denied due to thepotential fraud.
 2. The method of claim 1, wherein the secondinformation is obtained based on scraping the second information from anapplication executing on another device.
 3. The method of claim 1,wherein the second information is received from third party sources thatare not associated with the second entity.
 4. The method of claim 1,wherein the second information is received from another deviceassociated with the second account.
 5. The method of claim 1, whereinthe first account and the second account are associated with a user. 6.The method of claim 1, wherein the first transaction is associated withutilizing a first transaction card, and wherein the second transactionis associated with utilizing a second transaction card.
 7. The method ofclaim 1, wherein the first information and the second information areassociated with at least one of: a first amount associated with thefirst transaction and a second amount associated with the secondtransaction, first merchant information associated with the firsttransaction and second merchant information associated with the secondtransaction, first location information associated with the firsttransaction and second location information associated with the secondtransaction, first information indicating whether the first transactionoccurred online or at a physical location, and second informationindicating whether the second transaction occurred online or at aphysical location, or first time information associated with the firsttransaction and second time information associated with the secondtransaction.
 8. A device, comprising: one or more memories; and one ormore processors, coupled to the one or more memories, configured to:receive first information associated with a first transaction that isrelated to a first account associated with a first entity; determine,based on a first machine learning model, that the first transaction isto be denied due to a potential fraud associated with the first account;obtain second information associated with a second transaction that isrelated to a second account associated with a second entity; determine,based on a second machine learning model, whether the first informationand the second information match within a predetermined threshold; andperform, based on determining whether the first information and thesecond information match within the predetermined threshold, an actionassociated with the potential fraud.
 9. The device of claim 8, whereinthe second information is obtained based on scraping the secondinformation from an application executing on another device.
 10. Thedevice of claim 8, wherein the second information is received from thirdparty sources that are not associated with the second entity.
 11. Thedevice of claim 8, wherein the second information is received fromanother device associated with the second account.
 12. The device ofclaim 8, wherein the first account and the second account are associatedwith a user.
 13. The device of claim 8, wherein the first transaction isassociated with utilizing a first transaction card, and wherein thesecond transaction is associated with utilizing a second transactioncard.
 14. The device of claim 8, wherein the first information and thesecond information are associated with at least one of: a first amountassociated with the first transaction and a second amount associatedwith the second transaction, first merchant information associated withthe first transaction and second merchant information associated withthe second transaction, first location information associated with thefirst transaction and second location information associated with thesecond transaction, first information indicating whether the firsttransaction occurred online or at a physical location, and secondinformation indicating whether the second transaction occurred online orat a physical location, or first time information associated with thefirst transaction and second time information associated with the secondtransaction.
 15. A non-transitory computer-readable medium storing a setof instructions, the set of instructions comprising: one or moreinstructions that, when executed by one or more processors of a device,cause the device to: receive first information associated with a firsttransaction that is related to a first account associated with a firstentity; determine, based on a first machine learning model, that thefirst transaction is to be denied due to a potential fraud associatedwith the first account; obtain second information associated with asecond transaction that is related to a second account associated with asecond entity, wherein the first entity and the second entity aredifferent; determine, based on a second machine learning model, whetherthe first information and the second information match within apredetermined threshold; and perform, based on determining whether thefirst information and the second information match within thepredetermined threshold, an action associated with the first account.16. The non-transitory computer-readable medium of claim 15, wherein thesecond information is obtained based on scraping the second informationfrom an application executing on another device.
 17. The non-transitorycomputer-readable medium of claim 15, wherein the second information isreceived from third party sources that are not associated with thesecond entity.
 18. The non-transitory computer-readable medium of claim15, wherein the second information is received from another deviceassociated with the second account.
 19. The non-transitorycomputer-readable medium of claim 15, wherein the first account and thesecond account are associated with a user.
 20. The non-transitorycomputer-readable medium of claim 15, wherein the first transaction isassociated with utilizing a first transaction card, and wherein thesecond transaction is associated with utilizing a second transactioncard.